Haciyev Reşit 
A notable incident that has once again raised security concerns in the cryptocurrency market has occurred. The decentralized lending and borrowing platform Venus Protocol suffered a loss of approximately $3.7 million following an attack on the BNB Chain. According to a statement from the platform, the attacker manipulated the protocol’s supply cap mechanism using the Thena (THE) token, allowing them to borrow multiple digital assets from the system. On-chain data shows that the attacker used the collateral mechanism to withdraw different assets, targeting the platform’s liquidity pools during the process. Following the incident, the Venus Protocol team temporarily suspended borrowing and withdrawal operations involving the THE token as a security measure and announced that a comprehensive investigation had been launched to examine the details of the attack.
How Did the Venus Protocol Attack Happen?
On-chain data reveals that the attack was carried out using a highly planned and complex strategy. According to analyses, the attacker used an address beginning with 0x1a35 and spent a long period preparing within the system. Research indicates that over approximately nine months, the attacker gradually accumulated around 84% of the THE token supply (about 14.5 million tokens) while quietly attempting to gain control over market liquidity. The actual exploit began when the tokens were transferred directly to the protocol contract. With this method, the attacker managed to bypass the platform’s normal deposit and supply cap control mechanisms. As a result, a collateral position far exceeding the system’s allowed limits was created. Ultimately, the attacker established a massive collateral position reaching approximately 3.7 times the permitted limit, enabling them to borrow a significant amount of assets from the protocol.
Using the inflated collateral value, the attacker borrowed large amounts of crypto assets from the protocol. According to blockchain analysis, the assets taken included:
- 20 BTC (Bitcoin)
- 1.58 million USDC
- 801 BNB
- 6.67 million CAKE tokens
As a result of these transactions, the total loss was reported to exceed $3.7 million.
Price Manipulation and THE Token Collapse
One of the strategies used during the attack involved price manipulation. After borrowing assets from the protocol using THE tokens as collateral, the attacker bought more THE tokens from the market to increase the collateral value. The goal was to wait for the oracle price mechanism to update, artificially inflating the collateral value and enabling the withdrawal of even more assets from the system. During this manipulation process, the THE token price rose from approximately $0.26 to $0.56. However, once the liquidation process began, heavy selling pressure quickly emerged in the market, causing the token price to drop sharply to around $0.22. Following the incident, market confidence declined, and the THE token lost more than 17% of its value within 24 hours.
After the attack, the Venus Protocol team quickly implemented several security measures. In a statement, the platform said:
“While we continue investigating unusual activity in the THE pool, we have temporarily suspended all THE borrowing and withdrawal operations to prevent further abuse.”
Additionally, the platform temporarily paused operations in several markets with high liquidity concentrations, including BCH, LTC, UNI, AAVE, FIL, and TWT.
DeFi Security Back in the Spotlight
This incident once again highlights that security vulnerabilities remain a significant risk in the DeFi ecosystem. As the industry grows, attack methods are becoming increasingly sophisticated. According to data from blockchain security firm PeckShield, total losses from crypto hacks fell to $49 million in February, marking the lowest level in the past year. However, phishing and social engineering attacks have increased during the same period. Experts emphasize that DeFi platforms need stronger security measures, particularly in critical areas such as supply caps, oracle price mechanisms, and collateral systems. The Venus Protocol attack once again exposed the security risks faced by decentralized finance platforms. The exploit, which resulted in a $3.7 million loss, demonstrates that supply cap manipulation and the abuse of pricing mechanisms continue to pose serious threats to DeFi protocols. Experts stress that strengthening security infrastructure is crucial for maintaining investor confidence in the DeFi ecosystem.
In the comment section, you can freely share your comments and opinions about the topic. Additionally, don’ t forget to follow us on Telegram, YouTube, and Twitter for the latest news and updates.